Now that we’ve taken stock of the year we’re leaving behind, it’s time to establish some resolutions for the year that lies ahead. As in any other field, there’s always something to do when it comes to cybersecurity. The latest report from Accenture, “The State of Cybersecurity and Digital Trust 2016” revealed that 69% of businesses have suffered an attempted or realized data theft over the course of last year. Malware and DDoS attacks figure among the biggest concerns of executives surveyed by the consultancy.

Business managers now have 12 months ahead of them in which to improve security strategies and avoid these much-feared risks. We’d like to propose a few guidelines to improve the protection of corporate systems in 2017.

1. Get On Board the HTTPS Train

The majority of websites visited with Firefox and Chrome in 2016 were already using the HTTPS communication protocol. HTTPS guarantees a secure connection by identifying devices and encrypting data. Every day, the number of websites and applications that use this method increases. But there are still a few stragglers. For this reason, Apple is requiring app developers to incorporate this protocol and Google will publicly mark websites that don’t use it. If you haven’t yet, now’s the time to make the move over to HTTPS for your website, and make sure that the applications and websites visited at your company are using it as well.

2. Be Proactive and Know the Risks

The threat of cyberattacks is no longer limited to big corporations. Nowadays any small or mid-sized company is fair game. Criminals are using new and increasingly sophisticated tools and strategies. Better safe than sorry, as the cliché goes. One of the first orders of business is to get a threat detection and prevention program, regularly conduct a system analysis in search of anomalies, and keep your IT team constantly up to date on the latest developments in the field.

3. Invest in Cybersecurity

The Accenture report points out that corporate budgets for cybersecurity are not enough, according to surveys conducted with employers. Investments in this area have to do with more than just security contractors. Worker training programs in IT security or the purchasing of specialized software also require funding.

4. Keep an Eye on Authentication

2016 was not Yahoo’s year. The company had to admit to the breach of 500 million users’ accounts. This attack, the most notorious one in recent months, has set off many alarms. Crucially, it raises the concern about password security in and out of corporate networks. It’s important to create complex passwords, use systems that require more than one login, and adopt multi-step authentication methods. The road to achieving this goes by way of building awareness in your workforce.

5. Come Up With a Contingency Plan

In case a threat makes it past your prevention measures, it’s always good to have a contingency plan in place. This should be a very thorough and well-designed plan that takes into account every possibility. Everything from DDoS attacks and ransomware to the disappearance of a company laptop. This document would establish response protocols to grapple with data breaches and other incidents, distribute damage control responsibilities to the team, and designate measures to be taken, among other things.

These are just a few possible suggestions. The list could go on and on, depending on each individual company’s weak points. A thorough revision of the security flaws that came to light in 2016 will be highly useful for making next year better, and, of course, protecting your IT infrastructure and never letting your guard down.